Organization wide API keys

Is there a way to create API keys not associated with any particular user, but associated instead with the whole organization?

In a production environment using API keys linked to a specific person is bad practice (what if said person leaves the organization?).
It seems to me that right now if I want to use an API key in a production environment I need to create a service user account and manage keys through that account.
This means that the credentials for this account must be shared with all members of the organization that need to manage production API keys.
This, again, seems like bad practice.

Isn’t there a way to create API keys not linked to a particular user?

2 Likes

Note: I am not an OpenAI employee

This is an interesting question and one for which I can find no specific official answer.

In checking the related topics below, this question has been asked but does not have any satisfactory or official answer.


Using kapa.ai on the OpenAI Discord forum

Question

Is there a way to create API keys not associated with any particular user, but associated instead with the whole organization?

In a production environment using API keys linked to a specific person is bad practice (what if said person leaves the organization?).
It seems to me that right now if I want to use an API key in a production environment I need to create a service user account and manage keys through that account.
This means that the credentials for this account must be shared with all members of the organization that need to manage production API keys.
This, again, seems like bad practice.

Isn’t there a way to create API keys not linked to a particular user?

Reply

Based on the information provided in the extracts, OpenAI recommends that each team member should have a unique API key for their account. Sharing of API keys is against the Terms of Use (https://beta.openai.com/terms-of-use) and is not supported by OpenAI. Instead of sharing your key, you can invite teammates to be part of your organization account through the Members (https://beta.openai.com/?code=uzJvMmP_BXfsXfnr&state=dEFBQzJRNDhFcnYuSXZuWWUwbThaVndTTXRMSU9vbUp%2BRmdXZW1BajJCTA%3D%3D) page. When they join, they’ll get access to their own API Key (https://beta.openai.com/account/api-keys), which will keep your account even safer (source (https://help.openai.com/en/articles/5008148-can-i-share-my-api-key-with-my-teammate-coworker)).

As for the concern about a person leaving the organization, OpenAI allows you to set permissions for each of your API keys when you create a new secret key or by editing an existing key. This means you can restrict or revoke access as needed (source (https://help.openai.com/en/articles/8867743-assign-api-key-permissions)).

For managing secret API keys safely, OpenAI recommends using a Key Management Service. These tools allow you to control access to your keys and improve your overall data security (source (https://help.openai.com/en/articles/5112595-best-practices-for-api-key-safety#h_1f1872866a)).

However, the extracts do not provide information about creating API keys not linked to a particular user but associated with the whole organization. For more detailed information or specific use cases, you may want to reach out to OpenAI directly or check their official documentation.


I do think your question needs an official Q&A in the OpenAI FAQ, even if the answer is not one you agree with.

As a moderator I will do what I can to get such a Q&A added.

2 Likes

Thanks for the info! Yeah, this does feel a little counterproductive for our team. For our organisation it would actually be safer if we were able to create shared API keys for production – this is common practice on other services.

Is this something the OpenAI team would consider implementing? Perhaps it could be disabled by default, and something Org owners can opt to enable. :pray:

1 Like

In one form or another, this is a recurring request. The general solution to this problem is to build a gateway, which in turn allows tracking usage by users but can also be used to keep the real API keys away from individuals in your organization.

If I were to attempt to explain the current situation, I would point to the origins of account, team, and organization management. Prior to the AI hype, there were mostly small research teams or talented individuals using the API. Most of the use cases we are considering today were simply not practical or achievable back then.
Now, while events are consistently speeding up, some things are just not finished yet.
It would be great if this solution could be implemented, though!

2 Likes
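The gateway pattern from the reply above, as an added sketch that is not code from the thread or from OpenAI: the real upstream key lives only inside the gateway, each team member gets a personal gateway token that can be revoked when they leave, and usage is recorded per user. The `fake_upstream` transport, the placeholder key and the token format are all assumptions made so the example runs offline.

```python
"""Minimal API-key gateway: per-user tokens in front of one shared upstream key."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Callable, Optional

# The real key is held only by the gateway (in practice loaded from a KMS or
# environment variable). Constructed placeholder, not a real key.
UPSTREAM_API_KEY = "sk-UPSTREAM-KEY-PLACEHOLDER"


def _digest(token: str) -> str:
    """Store only a hash of each gateway token, never the token itself."""
    return hashlib.sha256(token.encode()).hexdigest()


@dataclass
class Gateway:
    upstream: Callable[[dict, str], dict]         # transport to the real API
    _tokens: dict = field(default_factory=dict)   # token digest -> user id
    usage: dict = field(default_factory=dict)     # user id -> total tokens used

    def issue_token(self, user: str) -> str:
        """Mint a personal gateway token for one team member."""
        token = "gw-" + secrets.token_urlsafe(24)
        self._tokens[_digest(token)] = user
        return token

    def revoke_user(self, user: str) -> int:
        """Cut off a departing member without rotating the shared upstream key."""
        doomed = [d for d, u in self._tokens.items() if u == user]
        for d in doomed:
            del self._tokens[d]
        return len(doomed)

    def handle(self, token: str, request: dict) -> dict:
        """Authenticate the caller, forward with the real key, record usage."""
        user = self._lookup(token)
        if user is None:
            return {"error": "unauthorized"}
        response = self.upstream(request, UPSTREAM_API_KEY)
        used = response.get("usage", {}).get("total_tokens", 0)
        self.usage[user] = self.usage.get(user, 0) + used
        return response

    def _lookup(self, token: str) -> Optional[str]:
        presented = _digest(token)
        for stored, user in self._tokens.items():
            if hmac.compare_digest(stored, presented):
                return user
        return None


def fake_upstream(request: dict, api_key: str) -> dict:
    """Assumed stand-in for the real API: verifies the key, reports token usage."""
    assert api_key == UPSTREAM_API_KEY, "gateway must present the shared key"
    words = len(request.get("prompt", "").split())
    return {"choices": [{"text": "ok"}], "usage": {"total_tokens": words + 1}}
```

Swapping `fake_upstream` for an HTTP client that adds the `Authorization` header turns this into a deployable proxy; the per-user token store and usage ledger stay the same.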